Cryptography at a crossroads: moral responsibility, the cypherpunk movement and institutions

Original title: Cryptography at the Crossroads: Ethical Responsibility, the Cypherpunk Movement and Institutions
Original author: Eric Blair
Original translation: Kurt Pan, BTCStudy

Inspired by the Cypherpunk Manifesto and Phillip Rogaway's analysis of the ethical characteristics of cryptography, this article explores the intersection of cryptographic work and ethical responsibility with political activism. The discussion covers the historical context of the development of cryptography, the philosophical foundations of cypherpunk ideology, and contemporary challenges posed by large-scale surveillance and privacy issues. By examining these aspects, this article calls for a renewed commitment to developing cryptographic solutions that prioritize human rights and public goods.

Introduction

Cryptography has long been a tool for ensuring communication security and protecting privacy. However, its role has gone beyond the scope of technical implementation and covers important political and ethical dimensions. The Cypherpunk Manifesto[7], written by Eric Hughes in 1993, highlights the inherently political nature of cryptography and advocates for its use as a means of ensuring privacy and individual freedom. Similarly, the work of Phillip Rogaway[10] emphasizes the ethical responsibilities of cryptographers, particularly in the context of mass surveillance and social influence.

Fundamentally, cryptography can be seen as a means of “arming” the masses to protect themselves. The 1993 manifesto and Rogaway’s work emphasize two key points: distrust of government and protection of collective data. This view is echoed in the ideas of David Chaum, who proposed a transactional model that relies on strong encryption to protect privacy. Although more than 40 years have passed since these ideas were first proposed, the dream of protecting society from information abuse remains elusive. As Chaum warned:

"Computerization is depriving individuals of the ability to monitor and control how information about them is used. (…) The foundations are being laid for a profiling society in which computers can be used to infer individuals' lifestyles, habits, whereabouts, and relationships from data collected in ordinary consumer transactions"[5].

In reality, we have gone in a different direction. Today, we rely on this data to simplify and improve our lives. Moreover, we willingly provide this data to make devices "smarter" and better suited to our needs. On the one hand, this leaves us more time to focus on other tasks, such as developing advanced artificial intelligence techniques. On the other hand, we have also forgotten the essence of why cryptography was necessary and what the original dream was.

The shift from a privacy-centric perspective to one that embraces data sharing for the sake of convenience highlights a significant ethical dilemma. While technological advances have made life easier, they have also increased the risk of creating a surveillance society. The cypherpunk ethos of empowering individuals and protecting their privacy seems at odds with today’s practices. To reconcile these differences, cryptographers and privacy advocates must rekindle the original vision of cryptography—not just as a tool for seeking convenience, but as a means to preserve privacy, autonomy, and defend against uncontrolled surveillance.

Another paradigm shift involves the connection between cryptography and anarchism. As laid out in the original Crypto-Anarchist Manifesto, anarchist ideas and the use of cryptography are deeply intertwined. In essence, cryptography is seen as a tool to advance anarchist principles. Anarchism, which opposes all forms of authority and calls for the abolition of institutions, finds a natural ally in cryptographic technology.

In some ways, modern cryptographic practices continue to challenge institutional authority. Yet, there is a paradox here: while cryptography is designed to resist centralized control, its development and implementation is often dictated by experts and funded by large tech companies and institutions. This creates a tension between the decentralized ideals of anarchism and the reality of cryptographic innovation driven by powerful entities. To truly honor the vision of cypherpunks and anarchism, we must find ways to develop and deploy cryptographic tools that empower individuals while resisting any form of power consolidation.

There is also an ironic paradox about the centralization of knowledge in our community. One of the policies and mottos of the beloved IACR (International Association for Cryptologic Research) is to spread knowledge around the world. The original and pure idea is great; however, somewhere along the way, the idea became corrupted. Consider the purpose of a nonprofit organization. The word "nonprofit" is emphasized here. Yet, at every IACR meeting, one of the first slides presented is "We have a solid financial situation." Interestingly, for an association that wants transparency, it is difficult to find data about its "finances" other than attending meetings. Furthermore, every year we see conference registration fees and grants increase, while the original goal of sharing knowledge seems even more distant, or just a utopia.

To be frank, we simply built a masked company under the guise of an academic endeavor, taking advantage of early anarchism, well-known professors, and fun times building cryptography. This shift away from the fundamental principles of the cypherpunk and anarchist visions shows the need to return to the roots of cryptography development - ensuring it remains a tool to empower individuals and protect privacy from all forms of centralization and control.

In this article, we aim to present a comprehensive social view of cryptography and the entities that have made its advancement possible over the years. We will explore the moral and ethical responsibilities of cryptography, the origins of social movements that cryptography has influenced, and the current trajectory of cryptography. A focus will be tracing the historical importance of cryptography and how it has shaped various aspects of our society. By examining these elements, we hope to gain a deeper understanding of the multifaceted role of cryptography in the modern world.

Historical Context of Cryptography and Its Impact

Originally, cryptography was defined as a branch of mathematics and computer science that focused on developing techniques for encrypting and decrypting communications. Today, however, the scope of cryptography has expanded significantly. While modern cryptography is still rooted in mathematics, it also involves computer science, electrical engineering, physics, and several other disciplines. Thus, a more comprehensive definition of modern cryptography is: "Cryptology is the multidisciplinary field devoted to the study of digital security, aiming to provide tools to ensure the security of communications."

The development of cryptography was profoundly influenced by its use in wartime communications and its evolution into digital security applications. Some important historical milestones include:

· World War II and the Enigma Machine:The use of cryptography in military communications and its cracking by the Allies highlighted the dual nature of cryptographic work as both a security tool and a target for adversaries.

· The Emergence of Public Key Cryptography:The introduction of public key cryptosystems in the 1970s revolutionized secure communications and laid the foundation for the practice of modern cryptography.

· Shor's Algorithm and Prime Factorization:Development of quantum algorithms capable of breaking modern public key cryptography that has been deployed worldwide.

Cryptology made significant advances during World War II, a period of intense cryptographic and cryptanalytic activity. The success of cryptanalysis during this period highlighted the importance of rigorous analysis and the potential for vulnerabilities in cryptographic methods.

As the computer industry grew and private sector demand for secure hardware and software increased, restrictive regulations on the domestic use and export of cryptographic technology (initially classified as war equipment) became obsolete. Continued technological progress required state-of-the-art security measures [6]. Distrust of data collection and outdated regulations combined to lead to the advocacy of cryptography as both a market necessity and a form of resistance to growing surveillance systems.

A major scientific breakthrough in cryptography came in the mid-1990s with the development of Shor's algorithm. This quantum algorithm efficiently solves problems such as integer factorization and discrete logarithms, which form the basis of many classical cryptographic systems such as RSA and ECC. The advent of Shor's algorithm spurred the development of post-quantum cryptography, which aims to construct cryptographic algorithms that are resistant to quantum attacks. This has become an important area of research, as the potential implementation of quantum computers in the future could undermine the security of current cryptographic systems. Ensuring the transition to quantum-resistant cryptographic methods is essential to maintaining the integrity and security of digital communications in the post-quantum era.

Standardization bodies such as NIST (National Institute of Standards and Technology) and ISO (International Organization for Standardization) have played a vital role in the development and adoption of cryptographic standards, ensuring interoperability and security between different systems and applications. These standards provide guidelines for the secure implementation of cryptographic algorithms and protocols, which is essential for protecting sensitive information in various fields.

Cryptography is now the foundation of modern technologies such as blockchain, digital currencies, secure chat applications, and the Internet of Things (IoT). For example, blockchain technology relies on cryptographic hashes and digital signatures to ensure the integrity and authenticity of transactions. Similarly, end-to-end encryption in chat apps like Signal and WhatsApp ensures that only the intended recipient can read a message.

The field must also evolve to address a variety of cryptographic attacks, including side-channel attacks, brute-force enumeration attacks, and sophisticated cryptanalysis techniques. Researchers are also constantly developing new defenses and cryptographic primitives to enhance the security of digital systems and protect against these evolving threats.

Looking ahead, emerging trends in cryptographic research include advances in homomorphic encryption, which allows computation to be performed on encrypted data without decrypting it; zero-knowledge proofs, which can verify a statement without revealing any information other than that the statement is true; and quantum key distribution, which uses the principles of quantum mechanics to securely distribute cryptographic keys.

The Cypherpunk Manifesto: A Political Manifesto

In the book Cypherpunks: Privacy and Security in the Digital Age [3], Anderson addresses several questions about the ethics and manifestos of the cypherpunk movement from a new philosophical perspective. The book is relatively new and takes a modern approach to the ethics of the cypherpunk movement.

“However, cypherpunk philosophy is not only concerned with the politics of security and privacy. Fundamentally, the cypherpunk worldview is fundamentally normative, meaning that it is based on claims about what people and institutions ought to do and what society ought to be like.”[3]

This quote allows us to connect it to the anarchist movement, and even infer that cypherpunk philosophy can be seen as a digital iteration of anarchism. An analogy can be drawn with Bakunin’s early work, which echoes similar claims about social norms:

“We firmly believe that freedom without socialism is privilege and injustice, and socialism without freedom is slavery and barbarism.”[4]

Both passages emphasize fundamental beliefs about how society should be structured and the importance of balancing freedom and justice. Anderson’s cypherpunk philosophy emphasizes digital privacy and security, while Bakunin’s anarchism emphasizes the necessity of social freedom and equality. Together, they reflect a shared vision of normative principles that guide social ideals. This raises a natural question for the cypherpunk movement: “Is this the guide for a digital society?”

As mentioned earlier, we must recognize that the distinction between the “real” world and the “digital” world is becoming increasingly blurred. Therefore, another relevant question is: "Should we update our view of cryptographic construction to reflect this unified reality?"

The Cypherpunk Manifesto considers cryptography to be an essential tool for protecting privacy and promoting individual freedom in the digital age. The main principles of the manifesto include:

· Privacy as a fundamental right:It asserts that privacy is essential to a free society and that individuals must have the means to protect their personal information. This right to privacy is seen as a cornerstone of other civil liberties, emphasizing that without privacy, other freedoms are severely compromised.

· Decentralization and individual empowerment:It emphasizes the importance of decentralized systems and empowering individuals through strong cryptography. Decentralization is essential to prevent centralized entities from abusing their power, resulting in a more resilient and fair digital ecosystem.

· Activism and practical applications:Activists are encouraged to develop and deploy cryptographic tools to counter government and corporate surveillance. This activism is rooted in the belief that practical technological solutions are necessary to preserve freedoms in the digital age, where legislative measures alone may be insufficient.

In the modern world, where digital and physical realities are intertwined, the principles of the Cypherpunk Manifesto are more relevant than ever. Cryptography is not just a tool to protect information, but an essential element to ensuring individual sovereignty and resisting oppressive structures. As technology continues to evolve, the Manifesto's call for privacy, decentralization, and activism provides a critical framework for building a fair and just digital society.

Ethical Responsibilities of Cryptographers

Phillip Rogaway argues in his paper “The Moral Character of Cryptographic Work” [10] that cryptographic research is not value-neutral and that cryptographers have an ethical responsibility to consider the social and political impact of their work. He makes several key points:

· Ethical Responsibilities: Cryptographers should be aware of their ethical responsibilities and the impact of their work on society.

· Historical Context: Cryptography has been closely tied to government and military interests, particularly in surveillance and intelligence gathering.

· Surveillance and Control: Modern cryptographic work often indirectly supports surveillance and control systems, which may conflict with values of privacy and civil liberties.

· Public Goods: Cryptographers should aim to contribute to the public good by developing technologies that protect individual privacy and resist authoritarianism.

· Political Engagement:Rogaway encourages cryptographers to engage in politics and consider the broader social impact of their research.

Rogaway argues for a paradigm shift in cryptography, advocating for researchers to take a more socially conscious approach. This requires not only a focus on technical aspects, but also active participation in discussions about the ethical and political dimensions of their work.

Despite the influence of Rogaway’s article, ethical challenges in cryptographic scholarship have remained largely unchanged. This includes the International Association for Cryptologic Research (IACR), which still lacks a formal code of ethics guidelines.

Cryptology is inherently multidisciplinary—whether it is rooted in mathematics, computer science, or engineering—this raises questions about its ethical foundations. Karst and Slegers [8] emphasize the diversity of ethics among the various sectors that provide cryptographic education, and the need for shared ethical standards.

In contrast, some sectors exhibit more explicit ethical frameworks than others. For example, the Association for Computing Machinery (ACM) maintains a detailed code of ethics and professional conduct, including guidelines on honesty, privacy, and social contribution [1]. The American Mathematical Society (AMS) and the Mathematical Association of America (MAA) provide more general guidance on ethical behavior [2,9]. In fact, we could say that professional codes only briefly (and very vaguely) touch upon issues related to ethics:

“MAA requires its directors, officers, members, persons paid and contributing time to MAA, and all employees to observe high standards of business and personal ethics in the performance of their duties and responsibilities.”[9]

“Mathematicians have a duty to disclose, as necessary, the impact of their work to their employers and the public when mathematical work may affect public health, safety, or welfare.”[2]

Notably, the Society for Industrial and Applied Mathematics (SIAM) lacks a formal code of ethics. Another important cryptography organization, IACR, similarly lacks a comprehensive ethics statement despite its focus on cryptography. This gap is striking given the deep intersection of cryptography with political and social issues.

Philosophical Discussions on Ethics

Ethics is difficult to define due to its philosophical nature and the different interpretations in the literature. Ethics involves questions of morality, values, the rightness and wrongness of actions, and the principles that guide individual or collective behavior. It studies what constitutes good and bad behavior, how individuals should act in various situations, and the reasons behind moral judgments [11].

As a community with roots in mathematics and computer science, the cryptography community values precision in definitions and rigorous reasoning. However, moral reasoning provides a path toward more formal definitions. It involves constructing arguments supported by sound arguments and conclusions, aiming for accuracy and logical coherence.

"Our moral thinking should have two complementary goals: to act rightly, and to be able to support our views with sound reasoning. We want the truth, both in our initial hypotheses about a problem and in our ultimate conclusions. But we also want to make sure that our views are supported by good reasons. This provides two criteria for good moral reasoning: first, we must avoid false beliefs, and second, our moral thinking must be logically rigorous and free of error." [11, Chapter 1, page 10]

The debate over the ethics of cryptography work revolves around the balance between advancing technical capabilities and addressing the ethical consequences of such advances. Cryptographers must navigate a complex ethical terrain where their work can both protect individual privacy and enable surveillance. The ethical character of cryptographic work requires a reflective approach that considers how cryptographic tools and techniques impact societal norms and values. This debate is not only academic but has real-world implications, influencing policy decisions and shaping the future of privacy and security in the digital age. Addressing these ethical issues requires an ongoing dialogue between technologists, ethicists, policymakers, and the public to ensure that advances in cryptography align with the broader interests of society.

In other words, the field’s lack of a code of conduct and ethics could harm its future growth, especially as it attracts more scientists from different backgrounds and ages. We cannot assume that everyone will inherently adhere to the field’s ethical codes. However, establishing clear codes of ethics could ensure that statements by scholarly associations are more precise and consistent, aligning their bylaws with broader principles of scientific integrity and ethics.

Cryptography, Anarchism, and the Future

As mentioned in Section 3, the Cypherpunk Manifesto and anarchism show significant similarities. The relationship between cryptography and anarchism is rooted in their shared emphasis on privacy, individual freedom, and resistance to centralized control. Key intersections include:

· Privacy and Personal Autonomy:Anarchists advocate for individual autonomy and privacy, and oppose any form of control or surveillance by the state or other centralized authorities. Cryptography enables individuals to maintain their privacy and autonomy in the digital age.

· Resistance to Centralized Control:Anarchism opposes centralized control and hierarchical structures, and advocates for decentralization and voluntary association. Cryptography supports decentralized systems by enabling secure peer-to-peer communication and transactions without relying on centralized institutions.

· Empowering the Individual:Anarchists aim to empower individuals by dismantling oppressive institutions and enabling self-governance and mutual aid. Cryptographic tools enable individuals to protect their own data and communications, giving them control over their digital presence and interactions.

· Anonymity and Pseudonymity:Anonymity can be a strategy for anarchists to protect themselves from state repression and organize without fear of reprisal. Cryptographic technologies such as Tor and anonymous cryptocurrencies provide anonymity and pseudonymity, allowing individuals to operate without revealing their identities.

· Philosophical Foundations:The philosophical foundations of anarchism include a strong belief in individual freedom, non-coercion, and skepticism of authority. The Cypherpunk movement, which advocates the use of cryptography to achieve privacy and security, shares similar philosophical values.

· Historical Context:Throughout history, anarchists have often used secret communication methods to avoid detection and repression. The development of modern cryptography was driven in part by a desire to protect individuals and groups from repressive regimes.

From these key points, it is clear that cryptography is a key tool for achieving a variety of anarchist goals. Cryptographic methods are tailored to meet specific needs within an anarchist framework, such as ensuring secure communication channels, protecting activist identities, and facilitating decentralized collaboration. By enabling private and secure interactions, cryptography can help anarchists resist surveillance and maintain operational security. This technological empowerment enables the practical application of anarchist principles, fostering an environment where decentralized and voluntary associations can flourish without external interference.

In recent years, however, the values that once underpinned the development of cryptocurrencies appear to have been overshadowed by a focus on financial gain. The rise of cryptocurrencies, while initially aligned with ideals of decentralization and financial autonomy, has become increasingly dominated by speculative interests and profit motives. This shift toward monetization threatens to undermine the ethical foundations of cryptography and divert attention from its potential to protect privacy and empower individuals. The community must remember the original values articulated by the cypherpunks and strive to balance innovation with ethical considerations, ensuring that the pursuit of profit does not overshadow a commitment to privacy and individual freedom.

Cryptography has evolved significantly since the introduction of the Diffie-Hellman key exchange protocol. Initially, cryptography was a highly academic and scientific field focused on theoretical advancement and the pursuit of knowledge. Over time, however, it has evolved into a commercial field, with companies leveraging cryptographic techniques to develop and sell products. This commercialization has shifted the focus from academic exploration to market-driven solutions, often prioritizing profit over the ethical and scientific values that originally guided the field. It is critical for the cryptography community to return to its academic roots and reaffirm its commitment to scientific rigor and ethical responsibility. We need to refocus on several key academic aspects of cryptography. While standardized processes and secure implementations are important, should they consume all of our attention? Shouldn’t there be a future for exploring new attacks and developing alternative cryptographic schemes?

The intersection of cryptography and anarchism reveals a deep alignment around core values such as privacy, individual freedom, and resistance to centralized control. By exploring these connections in detail, we can better understand the role of cryptography in advancing these principles and addressing the ethical challenges that arise. Continued dialogue and collaboration between technologists, ethicists, and activists is essential to ensure that advances in cryptography contribute to a freer and more just society.

Another key point is the growing distance between the academic focus and the concept of “nonprofit” within our field. Shouldn’t our primary goal be the advancement of knowledge? When did we lose focus and let big tech companies dominate our conferences? For example, how can a student without a lot of funds afford to attend a conference in a city like Zurich, where registration fees are around 450 euros, plus hotel and travel expenses? While stipends offer a partial solution, wouldn’t it be better to choose cheaper locations to allow for wider participation? When did we become so elitist that we can’t hold conferences in less prestigious but more economical cities? This shift toward high-cost venues limits accessibility and inclusivity, which runs counter to the fundamental values of scholarship and scientific exploration.

References:

1.ACM. Acm code of ethics and professional conduct.
2.American Mathematical Society (AMS). Ethical guidelines of the american mathematical society.http://www.ams.org/about-us/governance/policy-statements/sec-ethics, 2024. [Online; accessed 10May-2024].
3.Patrick D Anderson. Cypherpunk ethics: Radical ethics for the digital age. Routledge, 2022.
4.Mikhail Bakunin. Federalism, socialism, anti-theologism. Bakunin on Anarchy: Selected Works by the Activist-Founder of World Anarchism, pages 102–147, 1867.
5.David Chaum. Security without identification: Transaction systems to make big brother obsolete.

Communications of the ACM, 28(10):1030–1044, 1985.
6.Whitfield Diffie and Susan Landau. Privacy on the Line: The Politics of Wiretapping and Encryption.MIT Press, 2001.
7.Eric Hughes. A cypherpunk's manifesto, 1993.
8.Nathaniel Karst and Rosa Slegers. Cryptography in context: co-teaching ethics and mathematics. PRIMUS, 29(9):1039–1059, 2019.
9.Mathematical Association of America (MAA). Welcoming environment, code of ethics, and whistleblower policy. http://www.maa.org/about-maa/policies-and-procedures/welcoming-environment-codeof-ethics-and-whistleblower-policy, 2024. [Online; accessed 10-May-2024].
10.Phillip Rogaway. The moral character of cryptographic work, 2015.
11.Russ Shafer-Landau. The fundamentals of ethics. Oxford University Press, 4 edition, 2018.

Original link